HIPAA Violations Hit Healthcare Organizations Hard
Since enforcement began in 2003, HIPAA's (Health Insurance Portability and Accountability Act's) compliance department has levied violations on some 126,000 health care organizations.
What's more, this number has risen significantly every year since enforcement began.
For instance, in 2004 about 6,500 claims were processed. Ten years later that number had jumped to almost 18,000, and it currently shows no signs of slowing.
The swelling number of violations is due in part to healthcare providers' reliance on electronic transmission and storage of patient records (or, more specifically, to their failure to demonstrate the network, technical and physical security safeguards that go along with them).
Should OCR learn that any of these stringent confidentiality requirements is not in full compliance, the repercussions are steep. For instance, penalties of $1.5 million can be assessed for even a single violation.
Fortunately, once armed with a general knowledge of the most common penalty categories, and of the healthcare entities most likely to sustain violations, you can better insulate your organization from costly and unnecessary HIPAA fines.
What are the Most Common HIPAA Compliance Issues?
Over the last ten years, certain HIPAA violations have come up again and again. HHS.gov outlines these top five compliance issues based on frequency:
- Impermissible uses and disclosures of protected health information;
- Lack of safeguards of protected health information;
- Lack of patient access to their protected health information;
- Lack of administrative safeguards of electronic protected health information; and
- Use or disclosure of more than the minimum necessary protected health information.
Which Healthcare Organizations are Most Likely to Get Charged with a HIPAA Violation?
Technically, any entity that deals with protected health information (PHI) or electronic protected health information (ePHI) is subject to HIPAA regulation and possible non-compliance fines. However, it is healthcare organizations that are most commonly required to take corrective action after an audit. HHS.gov lists the most frequent healthcare violators as:
- Private Practices;
- General Hospitals;
- Outpatient Facilities;
- Pharmacies; and
- Health Plans (group health plans and health insurance issuers)
How to Avoid HIPAA Violations
According to data kept by OCR, hacking accounts for more than 23% of all HIPAA breaches. For the time being, let’s focus on the necessary technical and network safeguards of PHI and ePHI.
To decrease your organization’s hacking vulnerability, start by implementing the following:
- Make sure your anti-malware software is up to date. It will help head off threats such as ransomware, from which no healthcare entity or organization is safe. In February 2016, a cyber attack targeted the Hollywood Presbyterian Medical Center's servers, encrypting patient files and demanding a staggering $3.6 million in Bitcoin to get the data back.
- Update your passwords regularly and use a different password for every site and system. Hackers frequently choose the path of least resistance, and quite often that means cracking weak or reused passwords.
- Utilize next-generation firewalls on your network. They block unauthorized traffic from reaching and meddling with your network.
Ultimately, the responsibility to protect confidential PHI and ePHI rests with the healthcare provider, including the choice of the right systems and partners to do so. Healthcare providers, more than any other industry, are frequently hit with HIPAA violations that can damage their reputation and drain their financial reserves. By selecting a HIPAA-compliant data center or hosting service, you mitigate the risk of unwittingly compromising patient data.
Looking for a HIPAA-compliant data center partner to assess and reduce your risk of a HIPAA-related violation? Contact us to speak with a sales representative trained in HIPAA compliance.